CrowdStrike, Symantec, and ESET are three big names in the cybersecurity world. But a new lawsuit claims they have been conspiring to hamper independent reviews of their antivirus products.

Cybersecurity testing provider NSS Labs has filed an antitrust lawsuit against the three vendors over alleged attempts to set conditions on how their products are independently vetted.

According to NSS Labs, the vendors are out to prevent a bad review from harming their reputations, even as they risks exposing customers to security risks. "If you are in the cybersecurity industry, it won't surprise you to hear that vendors often know about their products' deficiencies yet don't reveal them to consumers," NSS Labs CEO Vikram Phatak wrote in a blog post.

"What should shock you is that they are actively conspiring to prevent independent testing that uncovers those product deficiencies to prevent consumers from finding out about them," he added.

As evidence, Phatak points to CrowdStrike's end user license agreement, which prohibits third parties from publishing performance data on the company's products. He also claims that the three vendors banded together with another cybersecurity testing group, AMTSO, to promote vetting standards favorable to their security software in an attempt to deny NSS Labs from reviewing them.

"Vendors are openly exerting control and collectively boycotting testing organizations that don't comply with their AMTSO standards — even going so far as to block the independent purchase and testing of their products," Phatak claimed.

CrowdStrike dismissed the allegations as baseless. "NSS is a for-profit, pay-to-play testing organization that obtains products through fraudulent means and is desperate to defend its business model from open and transparent testing," the antivirus provider told PCMag.

"We have undergone independent testing with AV-Comparatives, SE Labs, and MITRE and you can find information on that testing here," it added. "We applaud AMTSO's efforts to promote clear, consistent, and transparent testing standards."

CrowdStrike and NSS Labs have battled in court before. Last year, the security firm tried and failed to prevent NSS Labs from publishing an unfavorable product test, claiming that the results were flawed.

ESET told PCMag it denies all the allegations in the lawsuit. "Our customers should be reassured that ESET's products have been rigorously tested by many independent third-party reviewers around the world, received numerous awards for their level of protection of end users over many years and are widely praised by industry-leading specialists," the company said.

AMTSO also defended itself from the charges, saying the group is promoting a voluntary, but fair and ethical testing standard.

"(The testing standard) does not tolerate backroom deals, 'fitted' results, or offering private, pay-to-play, undisclosed advantages to some vendors but not others," the group told PCMag.

"NSS is a member of AMTSO, and one of their employees was an important member of the working group that developed the standard. Rather than trying to use the legal system to tear down what we all built together, we encourage NSS to bring its concerns back to the table and engage with the rest of AMTSO membership to make our industry better," AMTSO added.

Symantec also dismissed the allegations as baseless and claimed that NSS Labs was after profits over objective security testing. "We welcome the opportunity to bring the discussion of fair and open testing further into the public conversation, while also shining a light on certain business practices within the testing industry," the company said in a statement.

Editor's note: This story has been updated with a statement from AMTSO, ESET and Symantec.

About the Author

Michael has been a PCMag reporter since October 2017. He previously covered tech news in China from 2010 to 2015, before moving to San Francisco to write about cybersecurity. His Twitter is @Michael_Kan. Signal number: 415 696 5528

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.